CVE-2024-57072 | module-from-string 3.3.1 lib.requireFromString prototype pollution

Posted by Angelo Barbosa | Feb 6, 2025 | CVE

A vulnerability was found in module-from-string 3.3.1 and classified as problematic. This issue affects the function lib.requireFromString. The manipulation leads to improperly controlled modification of object prototype attributes (‘prototype pollution’).

The identification of this vulnerability is CVE-2024-57072. The attack can only be done within the local network. There is no exploit available.

CVE-2024-57072 | module-from-string 3.3.1 lib.requireFromString prototype pollution

Related Posts

CVE-2024-9438 | SEUR Oficial Plugin up to 2.2.11 on WordPress cross site scripting

CVE-2023-49835 | Post Duplicator Plugin up to 2.31 on WordPress mtphr_duplicate_post authorization

CVE-2024-12708 | Bulk Me Now Plugin up to 2.0 on WordPress Shortcode Attribute cross site scripting

CVE-2023-1001 | xuliangzhan vxe-table up to 3.7.9 vxe-textarea textarea.js export inputValue cross site scripting (I8O21R)